Title: wp_trusted_keys
Published: May 7, 2019
Last modified: April 28, 2025

---

# wp_trusted_keys(): string[]

## In this article

 * [Return](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#return)
 * [Source](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#changelog)

[ Back to top](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#wp--skip-link--target)

Retrieves the list of signing keys trusted by WordPress.

## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#return)󠁿

 string[] Array of base64-encoded signing keys.

## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#source)󠁿

    ```php
    function wp_trusted_keys() {
    	$trusted_keys = array();

    	if ( time() < 1617235200 ) {
    		// WordPress.org Key #1 - This key is only valid before April 1st, 2021.
    		$trusted_keys[] = 'fRPyrxb/MvVLbdsYi+OOEv4xc+Eqpsj+kkAS6gNOkI0=';
    	}

    	// TODO: Add key #2 with longer expiration.

    	/**
    	 * Filters the valid signing keys used to verify the contents of files.
    	 *
    	 * @since 5.2.0
    	 *
    	 * @param string[] $trusted_keys The trusted keys that may sign packages.
    	 */
    	return apply_filters( 'wp_trusted_keys', $trusted_keys );
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-admin/includes/file.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-admin/includes/file.php#L1540)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-admin/includes/file.php#L1540-L1558)

## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#hooks)󠁿

 [apply_filters( ‘wp_trusted_keys’, string[] $trusted_keys )](https://developer.wordpress.org/reference/hooks/wp_trusted_keys/)

Filters the valid signing keys used to verify the contents of files.

## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#related)󠁿

| Uses | Description | 
| [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to a filter hook.

  |

| Used by | Description | 
| [verify_file_signature()](https://developer.wordpress.org/reference/functions/verify_file_signature/)`wp-admin/includes/file.php` |

Verifies the contents of a file against its ED25519 signature.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_trusted_keys/?output_format=md#changelog)󠁿

| Version | Description | 
| [5.2.0](https://developer.wordpress.org/reference/since/5.2.0/) | Introduced. |

## User Contributed Notes

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_trusted_keys%2F)
before being able to contribute a note or feedback.